
Cryptography

CompTIA Security+ (SY0-601) Notes

Uploaded by

neyoxaw624

2.

Cryptography:

Obfuscation: To take something that makes sense and hide it so that it doesn't make sense to an outsider. In information security this is called cryptography. It provides confidentiality.

There are 2 ways to perform obfuscation:

Confusion: Each letter in the plaintext is substituted with another according to a secret rule, making it hard to decipher without knowing the rule.

Diffusion: Changes in the plaintext (like adding or changing a letter) result in extensive changes throughout the ciphertext, ensuring that the encrypted message is well-mixed and resistant to analysis.

Taking the original data and obfuscating it, and then taking the obfuscated data and bringing it back to its original form: these 2 processes are called encryption and decryption.

In real-world cryptography, modern algorithms like AES (Advanced Encryption Standard) achieve both confusion and diffusion through complex mathematical operations and algorithms designed to resist decryption without the correct key.

The Caesar cipher is one of the oldest types of cryptography. The key in the Caesar cipher is called ROT (rotations); it could be ROT 1, ROT 2, ROT 3 and so on.

The Vigenère cipher is also one of the oldest types of cryptography. Basically it is like the Caesar cipher, but it uses a modified algorithm to decrypt the message.
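The two classical ciphers above, as an added example that is not part of the original notes. It treats ROT-n as a Vigenère cipher with a one-letter key and counts how many ciphertext positions change when one plaintext letter changes, which shows that pure substitution gives confusion but no diffusion. The sample messages and function names are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter (A=0 ... Z=25).

    Assumption: the key contains letters only.
    """
    out, k = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)              # spaces and punctuation pass through
            continue
        shift = ALPHABET.index(key[k % len(key)].upper())
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        k += 1                          # the key advances only on letters
    return "".join(out)


def caesar(text: str, rot: int, decrypt: bool = False) -> str:
    """ROT-n is a Vigenere cipher whose key is a single letter."""
    return vigenere(text, ALPHABET[rot % 26], decrypt)


def changed_positions(a: str, b: str) -> int:
    """Count the positions at which two equal-length strings differ."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    c1 = caesar("MEET AT NOON", 3)      # constructed sample message
    c2 = caesar("MEET AT NOOK", 3)      # same message, last letter changed
    print(c1, "|", c2, "| positions changed:", changed_positions(c1, c2))
    print(vigenere("MEET AT NOON", "LEMON"))
```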

Classic cryptography components: 1) Algorithm 2) Key for encryption.

Kerckhoffs's principle: Also known as Kerckhoffs's law, is a principle in cryptography that states that a cryptographic system should be secure even if everything about the system, except for the key, is public knowledge. This principle is also sometimes referred to as "security through obscurity is not security."

Cryptanalysis: Cryptanalysis refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

Obj. 2.1: Explain the importance of security concepts in an enterprise environment:

> Data at rest: Data is housed physically on some kind of computer storage
> Data in use/computation: Data is housed in RAM and being accessed
> Data in transit: Data is moving through cables and wireless transmission

Obj. 2.8: Summarize the basics of cryptographic concepts:

> Session Key: In-band: Send the key with the encrypted data. Out-of-band: Send the key via mediums other than the main stream.
> Symmetric encryption is the primary way to encrypt data

* Ephemeral Key:

> Temporary
> Provides Perfect Forward Secrecy (PFS)

* Asymmetric Encryption:

> Uses a key pair: Public key, Private key
> Public key is only used to encrypt
> Private key is only used to decrypt
> Asymmetric encryption is slow but used to exchange a secure session key
> RSA: RSA is an asymmetric encryption algorithm. RSA is named after its 3 inventors: Ron Rivest, Adi Shamir and Leonard Adleman. Basically, it works on factoring (a mathematical term). RSA also includes authentication.
> Elliptic-curve cryptography (ECC): It is an asymmetric algorithm and provides good security with a much smaller key size.
> Cryptosystems: Cryptosystems define key properties, communication requirements for the key exchange, and the actions taken through the encryption and decryption process
> Public keys are paired with a private key (key pair) when using RSA asymmetric cryptography
> ECC can create a smaller key than RSA and provides the same security with increased performance
> Each public key has a single private key; without the private key the information cannot be decrypted
> Diffie-Hellman: Asymmetric algorithm. Provides a methodology for 2 parties to come up with the same session key, referred to as a key exchange agreement. Diffie-Hellman groups help by defining the size or type of key structure to use. Diffie-Hellman can have very large keys.
> Diffie-Hellman Groups:
# Group 1: 768-bit modulus
# Group 2: 1024-bit modulus
# Group 5: 1536-bit modulus
# Group 14: 2048-bit modulus
# Group 19: 256-bit elliptic curve
# Group 20: 384-bit elliptic curve
# Group 21: 521-bit elliptic curve
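The Diffie-Hellman exchange and the ephemeral-key idea described above, as an added example that is not part of the original notes. Both parties derive the same session key from values sent in the open, and fresh private values per handshake give a different key each session. The modulus is a toy value chosen here (an assumption, not one of the listed groups) and is far too small for real use; the function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters for illustration only (assumption, not a standard DH group):
# P is the Mersenne prime 2^127 - 1; real deployments use group 14 or larger.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for one session; the private value is ephemeral."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def session_key(my_priv: int, their_pub: int) -> bytes:
    """Hash the shared secret into a 256-bit symmetric session key."""
    shared = pow(their_pub, my_priv, P)          # (G^a)^b == (G^b)^a mod P
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def handshake():
    """Run one exchange; only the two public values would cross the wire."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # Each side combines its own private value with the peer's public value.
    return session_key(a_priv, b_pub), session_key(b_priv, a_pub)


if __name__ == "__main__":
    first = handshake()
    second = handshake()
    print("both sides agree:", first[0] == first[1])
    print("new key per session:", first[0] != second[0])
```

Because the private values are discarded after each handshake, recovering one session key later does not expose the keys of other sessions.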

* Symmetric Key Algorithms:

> Block:
# Encrypts data in chunks
# S-Box: In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution.
# Symmetric block algorithms: Defined by key length, block size, number of rounds
> Data Encryption Standard (DES): Block cipher, 64-bit block size, 16 rounds, key size: 56-bit
> Blowfish: Block cipher, 64-bit block size, 16 rounds, key size: 32-448 bits
> Triple DES (3DES): Block cipher, 64-bit block size, 16 rounds, key size: 168-bit (56-bit x 3)
> AES: Block cipher, 128-bit block size, key size: 128, 192 or 256 bits, with 10, 12 or 14 rounds respectively

> Symmetric Block Modes:
# Electronic Code Book (ECB) mode: ECB block mode will always output the same result for the same input. In ECB mode the encryption algorithm takes the plaintext input, breaks it into smaller chunks called blocks, encrypts each block with the same key and produces the ciphertext. The problem is that if plaintext blocks have the same input, the ciphertext output will be the same, and this can reveal a pattern.
# A binary block is plain text converted into 16-bit, 64-bit, or 128-bit binary ciphertext
# CBC, CFB, OFB and CTR block modes use an initialization vector (IV), which ensures the output block is uniquely different
# Cipher Block Chaining (CBC): CBC mode takes an input block of plaintext and random bits as an initialization vector (IV) of the same block size. It then calculates the XOR of the input and the IV, and the XOR result is encrypted. That encrypted block value is used as the IV for the XOR calculation of the second input block, and so on.
# Cipher Feedback (CFB): CFB mode takes the IV and encrypts it. It then takes the encrypted IV value, performs XOR with the plaintext input block and uses the result as the output. The output is then used as the IV and encrypted for the second block, then XOR and output, and it keeps going.
# Output Feedback (OFB): OFB mode encrypts the IV with the key, performs XOR with the plaintext input block and gives the cipher output. For the second block it takes the first encrypted IV, encrypts it again and performs XOR with the second input to give the cipher output, and so on.
# Counter (CTR): CTR takes a nonce value, concatenates it with a counter value and encrypts the whole value using the key. It then takes the plaintext input block, performs XOR with the encrypted value and gives the ciphertext. For the next block the counter value increments by 1 and the process continues.
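The ECB, CBC and CTR behaviour described above, as an added example that is not part of the original notes. It counts repeated ciphertext blocks when the same plaintext block is encrypted several times. The block cipher is a toy Feistel construction built from HMAC-SHA256, swapped in for AES so the example runs with the standard library only; it assumes input that is a multiple of 16 bytes and an 8-byte nonce, and all names are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block (the AES block size); the cipher below is NOT AES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation standing in for a real block cipher."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def _blocks(data: bytes) -> list:
    # Assumption: len(data) is a multiple of BLOCK (no padding in this sketch).
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Every block is encrypted independently with the same key.
    return b"".join(encrypt_block(key, b) for b in _blocks(plaintext))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(plaintext):
        prev = encrypt_block(key, _xor(b, prev))  # ciphertext feeds the next XOR
        out.append(prev)
    return b"".join(out)

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypts and decrypts: XOR each block with E(nonce || counter)."""
    return b"".join(
        _xor(b, encrypt_block(key, nonce + i.to_bytes(8, "big")))
        for i, b in enumerate(_blocks(data)))

def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    key, iv = b"k" * 16, bytes(range(16))         # constructed demo values
    pt = b"ATTACK AT DAWN!!" * 4                  # constructed: 4 identical blocks
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, pt)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, iv, pt)))
    print("CTR repeats:", repeated_blocks(ctr_crypt(key, iv[:8], pt)))
```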

* Symmetric Key Cryptosystems:

> Streaming Cipher: Encrypts one bit at a time. Popular in wireless networking (WEP)
# RC4: Streaming cipher, 1 bit at a time, 1 round, key size: 40-2048 bits

* Hashing:

> Hashes are one-way and deterministic, and will produce the same results each time the source is hashed.
> The length of the source data does not matter; the hash will be the same exact size.
> Hashes are involved with password storage and encryption.
> Collision: To take two different types of data and generate the same hash for both of them. So, it shows the pattern or algorithm of the hash. MD5 and SHA-1 generate collisions.

> Hash Types:
# Message Digest 5 (MD5): Invented in 1992 by Ron Rivest. It uses a 128-bit hash
# SHA: SHA is a family of hashes developed by NIST. The earlier version is SHA-1, which has a 160-bit hash. SHA-256 and SHA-512 are from the SHA family.
# RIPEMD: RACE Integrity Primitives Evaluation Message Digest. Not a very common hash algorithm; open standard. 128, 160, 256 and 320-bit digests are available. RIPEMD-160 is the most common. While RIPEMD functions are less popular than SHA-1 and SHA-2, they are used, among others, in Bitcoin and other cryptocurrencies based on Bitcoin.
# Extras: RACE (Research and Development in Advanced Communications Technologies in Europe) was a program launched in the 1980s by the Commission of European Communities to pave the way towards commercial use of Integrated Broadband Communication (IBC) in Europe in the late 1990s.

* Digital Certificate:

> Digital signatures verify that the person who sent the public key legitimately owns the private key
> Digital certificates include verification from a third party to authenticate the owner of the digital signature.

Obj. 3.9: Given a scenario, implement public key infrastructure:

* Trust Models:

> Self-Signed: Self-signed digital certificates that are mostly used in private networks.
> Web of Trust: It uses a network of mutually trusting peers. It's like a public trust model where people sign each other's digital certificates on the basis of mutual understanding. Web of trust can be seen in emails (not nowadays).
> Public Key Infrastructure (PKI): PKI uses a hierarchical structure with root certificate authorities (CAs) and intermediate CAs

* Public Key Infrastructure (PKI):

> X.509 Standard: X.509 is a method to query systems that store certificates and also includes standards for constructing digital certificates.
> Public Key Cryptography Standards (PKCS): It gives details on digital certificate construction and use.
> Root Certificate Authority (CA): The Root CA is the signer/issuer of the Intermediate Certificate. The Root CA Certificate is always signed by the CA itself.
> Intermediate CA: The Intermediate CA is the signer/issuer of the SSL/TLS Certificate.
> Registration Authority (RA): Registration Authorities identify and authenticate individuals registering for certificates.
> Certificate Chaining: A certificate chain is an ordered list of certificates, containing an SSL/TLS Certificate and Certificate Authority (CA) Certificates, that enables the receiver to verify that the sender and all CAs are trustworthy. The chain or path begins with the SSL/TLS certificate, and each certificate in the chain is signed by the entity identified by the next certificate in the chain.
> A self-signed certificate is one that is authorized by the same entity who registers for the digital certificate (these should not be trusted outside an internal network).
> Each X.509 certificate has several attributes based on its certificate template. The common X.509 certificate fields include the following: Subject, DNS, Issuer, Validity, Key Size, Signature Algorithm, Serial Number, SAN, Policies, DACL

* Certificate Types:

> SSL or Web certificates:
# Domain Validation (DV) certificate: A Domain Validation (DV) SSL certificate works by verifying that the domain name associated with a website is owned by the person or entity requesting the certificate.
# Wildcard Certificate: Wildcard SSL certificates are for a single domain and all its subdomains. A subdomain is under the umbrella of the main domain. Usually subdomains will have an address that begins with something other than 'www.'
# Extended Validation (EV) certificate: Extended Validation involves a full background check of the organization. The CA will make sure that the organization exists and is legally registered as a business, that they actually are present at the address they list, and so on. This validation level takes the longest and costs the most, but Extended Validation SSL certificates are more trustworthy than other types of SSL certificates.
# Subject Alternative Name (SAN) certificate: DigiCert Subject Alternative Name (SAN) Certificates can secure multiple fully qualified domain names with a single certificate. SAN Certificates are often needed to secure Exchange Server or Office Communications Server and in instances where you need to secure multiple domains that resolve to a single IP address (such as in a shared hosting environment).

> E-mail certificate: A secure email certificate, also known as an S/MIME certificate or an email signing certificate, is used by anyone who sends emails for business-related purposes that contain sensitive information. It's widely used by small businesses, SMBs, and large corporations because it does two extraordinary things:
- It attaches a digital signature to the email that verifies that you (and not an imposter) sent the email, and that the email hasn't been altered since it was sent.
- It encrypts your emails before they ever leave your mailbox so they can only be opened by your intended recipients. This provides both data in-transit and data at-rest protection.

> Code-signing certificate: A code signing certificate is a digital certificate issued by a trusted Certificate Authority that binds the identity of a software publisher or developer to the code they sign. It contains the certificate holder's public key and is used to sign software code and distribute it securely to end-users.

> Machine/computer/hardware certificate: A device certificate is a type of digital certificate that enables mutual authentication and secure connections between two devices (i.e., machine-to-machine, or M2M communications). This is done through the use of public key infrastructure, or PKI for short. This is why they're also sometimes known as PKI device certificates.

> User certificate:
> Wireless network certificate:
> Digital certificates store a public key with a digital signature, personal information about the resources, and a second digital signature from a trusted third party.
> Certificate formats:
# DER encoded binary X.509 (.CER)
# Base-64 encoded X.509 (.CER)
# PKCS #7 Certificate (.P7B): This includes certificate, chain certificate and no private key
# PKCS #12 (.PFX): This includes certificate, chain certificate and private key
> Expired certificates are included in a certificate authority's published list called a certificate revocation list (CRL)

Obj. 1.2: Given a scenario, analyze potential indicators to determine the type of attack:

* Cryptographic Attacks:

> Attack the Algorithm: Either crack the encryption algorithm with computation power or make the encrypter use a weak encryption algorithm that is easy to crack. Attacking the algorithm directly is nearly impossible for most up-to-date standards, as crackable algorithms are usually taken out of production.
> Attack the Implementation: Taking advantage of a weakness in how the connection is made.
> Attack the Key: Somehow figuring out the key in order to break in.

* Password Cracking:

> Passwords are usually stored in hash format, making them difficult to crack.
> Brute Force Attack: Brute-force attacks work by calculating every possible combination that could make up a password and testing it to see if it is the correct password. As the password's length increases, the amount of time, on average, to find the correct password increases exponentially.
> Dictionary Attack: To use lists of probable passwords. Attempting to find the original plaintext by hashing common passwords and comparing them to the target hash.
> Rainbow Table: To use pre-calculated hashes of passwords
> Offline Attack: Taking/downloading the stored data of usernames and password hashes from the system and trying to crack the passwords on the local system.
> Salting: Password --> Timmy123, Salt --> Krj8e00, Salted Password --> Timmy123Krj8e00, Salted Password Hash --> 075e8.....F. This is not going to defeat Brute Force Attack.
> Key Stretching: Password-Based Key Derivation Function 2 (PBKDF2)
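Salting and key stretching as a password-storage routine, added here as an example that is not part of the original notes. A random per-user salt makes identical passwords produce different stored values, so pre-calculated hash tables no longer match, and PBKDF2 raises the cost of every guess. The iteration count and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS):
    """Return (salt, derived_key) using a random per-user salt and PBKDF2."""
    if salt is None:
        salt = os.urandom(16)            # stored next to the hash; it is not a secret
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt, iterations)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Constructed sample: two users who picked the password used in the notes.
    salt_a, key_a = hash_password("Timmy123")
    salt_b, key_b = hash_password("Timmy123")
    print("unsalted equal:", unsalted_hash("Timmy123") == unsalted_hash("Timmy123"))
    print("salted equal:  ", key_a == key_b)
    print("verify ok:     ", verify_password("Timmy123", salt_a, key_a))
```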
